• Status: Solved

GRE / IPSEC pass through

I am in the process of setting up a new facility. I have a vendor who is going to be onsite and will have his own network. I have a Cisco 2811 and I am in the initial configuration stage, so nothing is locked down, yet! This vendor has his own Cisco router, and is going to connect via GRE / IPsec to his corporate network. I have configured a static NAT that takes all the traffic from the public IP address and NATs it to the static address (the vendor's router interface). The tunnel doesn't come up. Am I missing something? Can I pass this through with static NAT? My code pieces are below. Thanks in advance for any help someone can provide. I am also using dynamic NAT on the serial interface for browsing.
interface FastEthernet0/1.31
 description vendor network
 encapsulation dot1Q 31
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
interface Serial0/0/0:0
 description Connection to internet
 bandwidth 1536
 ip address 12.y.y.5
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no cdp enable
ip nat inside source static 12.x.x.1 
ip nat inside source static 
! 12.x.x.1 public ip address on my network (vendor connects to this address)
! vendors ethernet port on their router


1 Solution
You are missing "ip nat inside" on the Fa0/1.31 interface.

conf t
interface FastEthernet0/1.31
ip nat inside
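
The check behind this answer, as an added example that is not part of the original thread: a small Python lint that flags any interface whose subnet holds the inside-local address of an `ip nat inside source static` entry but is not marked `ip nat inside`. The addresses in the sample configs are constructed placeholders (the poster's are elided), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config; addresses are placeholders, not the poster's.
# The vendor subinterface has no "ip nat inside", as in the question.
SAMPLE_BEFORE = """\
interface FastEthernet0/1.31
 description vendor network
 encapsulation dot1Q 31
 ip address 192.168.31.1 255.255.255.0
interface Serial0/0/0:0
 ip address 203.0.113.5 255.255.255.252
 ip nat outside
ip nat inside source static 192.168.31.2 203.0.113.1
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    " encapsulation dot1Q 31\n", " encapsulation dot1Q 31\n ip nat inside\n")

def parse_interfaces(config):
    """Return {name: {"net": IPv4Network or None, "nat": "inside"/"outside"/None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1],
                                            {"net": None, "nat": None})
        elif not line.startswith(" "):
            current = None  # back at global configuration level
        elif current is not None:
            m = re.match(r"\s+ip address (\S+) (\S+)", line)
            if m:
                current["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            m = re.match(r"\s+ip nat (inside|outside)\s*$", line)
            if m:
                current["nat"] = m[1]
    return interfaces

def lint_static_nat(config):
    """List problems that stop a static inside-source NAT entry from translating."""
    interfaces = parse_interfaces(config)
    problems = []
    if not any(i["nat"] == "outside" for i in interfaces.values()):
        problems.append("no interface is marked 'ip nat outside'")
    static = r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) "
    for local in re.findall(static, config, re.M):
        addr = ipaddress.ip_address(local)
        for name, intf in interfaces.items():
            if intf["net"] and addr in intf["net"] and intf["nat"] != "inside":
                problems.append(f"{name}: faces {local} but lacks 'ip nat inside'")
    return problems
```
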
holidayinnexpress (Author) Commented:
Jfrederick, you are exactly correct. I noticed this yesterday, and inserted that statement. The GRE tunnel established but we could never get the IPsec up and ultimately traffic to pass. I was receiving unexpected packet on port 4500. We decided to punt on this and I ended up putting the public address on the Ethernet port and locking it down with ACLs. Thanks for the response.
